aboutsummaryrefslogtreecommitdiffstats
path: root/main/musl
diff options
context:
space:
mode:
Diffstat (limited to 'main/musl')
-rw-r--r--main/musl/0001-fix-strftime-y-for-negative-years.patch34
-rw-r--r--main/musl/0002-make-globfree-safe-after-failed-glob-from-over-lengt.patch44
-rw-r--r--main/musl/APKBUILD10
3 files changed, 87 insertions, 1 deletions
diff --git a/main/musl/0001-fix-strftime-y-for-negative-years.patch b/main/musl/0001-fix-strftime-y-for-negative-years.patch
new file mode 100644
index 0000000000..85d21c7e3f
--- /dev/null
+++ b/main/musl/0001-fix-strftime-y-for-negative-years.patch
@@ -0,0 +1,34 @@
+From 61fb81e3959ecf0848eef8d2767bb80ae5d1a68e Mon Sep 17 00:00:00 2001
+From: Rich Felker <dalias@aerifal.cx>
+Date: Mon, 2 Jan 2017 17:30:40 -0500
+Subject: [PATCH 1/2] fix strftime %y for negative years
+
+commit 583ea83541dcc6481c7a1bd1a9b485526bad84a1 fixed the case where
+tm_year is negative but the resulting year (offset by 1900) was still
+positive, which is always the case for time_t values that fit in 32
+bits, but not for arbitrary inputs.
+
+based on an earlier patch by Julien Ramseier which was overlooked at
+the time the previous fix was applied.
+---
+ src/time/strftime.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/time/strftime.c b/src/time/strftime.c
+index e103e02b7204..a30392044bf8 100644
+--- a/src/time/strftime.c
++++ b/src/time/strftime.c
+@@ -166,8 +166,8 @@ const char *__strftime_fmt_1(char (*s)[100], size_t *l, int f, const struct tm *
+ item = T_FMT;
+ goto nl_strftime;
+ case 'y':
+- val = tm->tm_year % 100;
+- if (val<0) val += 100;
++ val = (tm->tm_year + 1900LL) % 100;
++ if (val < 0) val = -val;
+ goto number;
+ case 'Y':
+ val = tm->tm_year + 1900LL;
+--
+2.8.3
+
diff --git a/main/musl/0002-make-globfree-safe-after-failed-glob-from-over-lengt.patch b/main/musl/0002-make-globfree-safe-after-failed-glob-from-over-lengt.patch
new file mode 100644
index 0000000000..db1083531b
--- /dev/null
+++ b/main/musl/0002-make-globfree-safe-after-failed-glob-from-over-lengt.patch
@@ -0,0 +1,44 @@
+From 769f53598e781ffc89191520f3f8a93cb58db91f Mon Sep 17 00:00:00 2001
+From: Rich Felker <dalias@aerifal.cx>
+Date: Mon, 2 Jan 2017 19:47:12 -0500
+Subject: [PATCH 2/2] make globfree safe after failed glob from over-length
+ argument
+
+commit 0dc99ac413d8bc054a2e95578475c7122455eee8 added input length
+checking to avoid unsafe VLA allocation, but put it in the wrong
+place, before the glob_t structure was zeroed out. while POSIX isn't
+clear on whether it's permitted to call globfree after glob failed
+with GLOB_NOSPACE, making it safe is clearly better than letting
+uninitialized pointers get passed to free in non-conforming callers.
+
+while we're fixing this, change strlen check to the idiomatic strnlen
+version to avoid unbounded input scanning before returning an error.
+---
+ src/regex/glob.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/regex/glob.c b/src/regex/glob.c
+index 6affee040c31..5b6ff1247f43 100644
+--- a/src/regex/glob.c
++++ b/src/regex/glob.c
+@@ -169,8 +169,6 @@ int glob(const char *restrict pat, int flags, int (*errfunc)(const char *path, i
+ d = "";
+ }
+
+- if (strlen(p) > PATH_MAX) return GLOB_NOSPACE;
+-
+ if (!errfunc) errfunc = ignore_err;
+
+ if (!(flags & GLOB_APPEND)) {
+@@ -179,6 +177,8 @@ int glob(const char *restrict pat, int flags, int (*errfunc)(const char *path, i
+ g->gl_pathv = NULL;
+ }
+
++ if (strnlen(p, PATH_MAX+1) > PATH_MAX) return GLOB_NOSPACE;
++
+ if (*p) error = match_in_dir(d, p, flags, errfunc, &tail);
+ if (error == GLOB_NOSPACE) {
+ freelist(&head);
+--
+2.8.3
+
diff --git a/main/musl/APKBUILD b/main/musl/APKBUILD
index dd3dccf417..233908e4e9 100644
--- a/main/musl/APKBUILD
+++ b/main/musl/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Timo Teräs <timo.teras@iki.fi>
pkgname=musl
pkgver=1.1.16
-pkgrel=0
+pkgrel=1
pkgdesc="the musl c library (libc) implementation"
url="http://www.musl-libc.org/"
arch="all"
@@ -13,6 +13,8 @@ makedepends="$depends_dev"
subpackages="$pkgname-dev $pkgname-dbg libc6-compat:compat:noarch"
[ "$BOOTSTRAP" != "nolibc" ] && subpackages="$subpackages $pkgname-utils"
source="http://www.musl-libc.org/releases/musl-$pkgver.tar.gz
+ 0001-fix-strftime-y-for-negative-years.patch
+ 0002-make-globfree-safe-after-failed-glob-from-over-lengt.patch
ldconfig
__stack_chk_fail_local.c
@@ -125,18 +127,24 @@ compat() {
}
md5sums="ac52ccaec6b06ab0f289d37e8436859b musl-1.1.16.tar.gz
+d9da36992a9ccd200242b38b67823b95 0001-fix-strftime-y-for-negative-years.patch
+93a7dfa98dff324f2242d10f7c2d68f8 0002-make-globfree-safe-after-failed-glob-from-over-lengt.patch
830d01f7821b978df770b06db3790921 ldconfig
0df687757221bbb0fc1aa67f1bd646f9 __stack_chk_fail_local.c
57ef2c63b9ec6a2041694ace97d4ffa2 getconf.c
eadc8794eadb79dbc383b2b91a32084d getent.c
45f92f8d59cf84d765de698a9578dbf4 iconv.c"
sha256sums="937185a5e5d721050306cf106507a006c3f1f86d86cd550024ea7be909071011 musl-1.1.16.tar.gz
+ec5209fe48aa54a859cc034557b7cca8307adaf345b3f7c061e0b284eee00ccc 0001-fix-strftime-y-for-negative-years.patch
+b8c92e4c6c60b67fde4eab3465041c12a942a319501710babaf3b6ead381bd95 0002-make-globfree-safe-after-failed-glob-from-over-lengt.patch
b4a2c06db38742e8c42c3c9838b285a7d8cdac6c091ff3df5ff9a15f1e41b9c7 ldconfig
299a7d75a09de3e2e11e7fb4acc3182e4a14e868093d2f30938fce9bfcff13da __stack_chk_fail_local.c
d87d0cbb3690ae2c5d8cc218349fd8278b93855dd625deaf7ae50e320aad247c getconf.c
b323f20c9bf560a13c877eb05428bc4a203383697bac763e7b12865db5c5922c getent.c
f79a2930a2e5bb0624321589edf8b889d1e9b603e01e6b7ae214616605b3fdd7 iconv.c"
sha512sums="47c00e50b7605102fb4aebe1f9ba9db94d26fac64805f6d744c9c557a05b8a58dff7f9558ff7c8d66b5d7c43740cdc2dd79448bacac47f1414e6ada99c210140 musl-1.1.16.tar.gz
+74e95ab3a74513e7a0513e004c376d4055eca0e21162e717dfcab249302a9060d3ac3eb88b562dea14b71b475b4dd2f703e355e2f5050b58891a848c5093c5f6 0001-fix-strftime-y-for-negative-years.patch
+04805970e7dc11f84a86df49688f3b7670933860192e99637e189494c261e49b3cce1d80019d69341452062df03d5a349450015076c947296ac4a0d40e5789f4 0002-make-globfree-safe-after-failed-glob-from-over-lengt.patch
8d3a2d5315fc56fee7da9abb8b89bb38c6046c33d154c10d168fb35bfde6b0cf9f13042a3bceee34daf091bc409d699223735dcf19f382eeee1f6be34154f26f ldconfig
062bb49fa54839010acd4af113e20f7263dde1c8a2ca359b5fb2661ef9ed9d84a0f7c3bc10c25dcfa10bb3c5a4874588dff636ac43d5dbb3d748d75400756d0b __stack_chk_fail_local.c
0d80f37b34a35e3d14b012257c50862dfeb9d2c81139ea2dfa101d981d093b009b9fa450ba27a708ac59377a48626971dfc58e20a3799084a65777a0c32cbc7d getconf.c
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-12 15:22:15 +0000